Yurong Luo;Jin Cao;Chao Shang;Ruhui Ma;Ben Niu;Yinghui Zhang;Hui Li
NSAA: A Network Slice Access Authentication and Service Authorization Scheme for Integrated Satellite-Terrestrial Network
IEEE Internet of Things Journal, vol. 12, no. 6, pp. 7636-7651. Published 2024-11-13. DOI: 10.1109/JIOT.2024.3497578
https://ieeexplore.ieee.org/document/10752595/
Citations: 0
Abstract
Introducing slicing into integrated satellite-terrestrial networks enables the flexible deployment of network resources and adaptation to more new applications. However, the heterogeneity of integrated satellite-terrestrial networks poses challenges to network resource access control. To ensure users can securely and efficiently access services across multiple management domains, we propose a network slice access authentication and service authorization scheme based on a sharding permissioned blockchain. Slice tenants and wireless network operators with management control act as consortium blockchain nodes, which are divided into shards, and the blockchain is maintained in parallel by multiple shards. First, an efficient public ledger is constructed to establish decentralized trust and manage user identity and service authorization information. Second, utilizing the trapdoor collision resistance of the chameleon hash, users can fully self-select their secret key and generate authentication credentials to register on the blockchain without the key escrow problem. When users move into a new network domain, the mutual authentication between users and the visited network can be quickly completed. The session key is negotiated based on the Diffie-Hellman ephemeral protocol with perfect forward secrecy. Then, the editable transaction blocks, storing network slice authorization information and slice templates, are linked using chameleon hashes. This allows the access permissions of slice resources to be dynamically adjusted and easily queried by the service-providing wireless network operators. Performance evaluation and security simulations demonstrate the correctness of the scheme, showing that it can achieve secure access to integrated satellite-terrestrial network slice services with low computational and communication overhead.
About the journal:
The IEEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.